Data privacy statement my.mewa.de

1. How do we handle personal data?

We attach great importance to the protection and security of personal data. We will process your personal data in connection with this website in compliance with the relevant data protection regulations. We are most notably subject to the provisions set out in the European General Data Protection Regulation (GDPR) insofar as we process personal data.

We would like the users of our site to feel assured and this is why we wish to disclose our personal data handling practices and to provide you with detailed information about the processing of your data and about your rights under Art. 12, 13, 14 and 21 GDPR. This data privacy statement outlines which personal data are collected on visits to our website at my.mewa.de and how we manage these data and information.

2. Who is responsible for data processing and who is available for you to contact?

The party responsible for data processing, referred to as the controller in the GDPR and in other data protection regulations, is as follows:

MEWA Textil-Service SE & Co. Management OHG
John-F.-Kennedy-Straße 4
65189 Wiesbaden

Telephone Zentrale: +49 611 7601-0
Telefax: +49 611 7601-361
E-Mail: info@mewa.de

Contact details for our company data protection officer:

MEWA Textil-Service SE & Co. Management OHG
Datenschutzbeauftragter
John-F.-Kennedy-Straße 4
65189 Wiesbaden

E-Mail: datenschutzbeauftragter@mewa.de

3. What are personal data?

Personal data are pieces of information relating to an identified or identifiable natural person.

4. For what purposes do we process your personal data? And on what legal basis?

We process personal data for specific purposes, as explained in detail below for your information. The extent to which, and the way in which, your data are processed will essentially depend on the specific services and functions offered on our website which you use. We mainly process data for the following purposes:

  • so that you can access and visit our website and we can protect our website and other systems from security risks;
  • so that you can use the functions and services offered on our customer portal;
  • so that you can contact us (contact form / email inquiries);
  • so that we can optimise our website content, making it user-friendly and tailoring it to your needs.

Further processing of your personal data beyond the cases mentioned in this data privacy statement will only take place in circumstances where it is our express entitlement or obligation under a statutory provision or where you have explicitly consented to the data processing. We will inform you of any changes of purpose in accordance with the legal requirements.

(1) Accessing and visiting our website

You can visit our website purely for information purposes without communicating any further personal data. In this case, the only data which will be automatically saved when you visit our website are the technical access data transmitted by your browser, i.e. the name of your Internet service provider, the site from which you are referred to our site, the date and time of your visit, and the data identifying the browser / operating system used. The web server will also be required to save your IP address which may, under certain circumstances, allow reference to your personal identity. We also use cookies in order to provide you with our services in the best possible way and to tailor our website to your needs, even if you are only looking for information (details about this and your options are summarised below in the section “Use of cookies and associated functions / technologies”). The access data will not be merged with data from other sources, nor will the data be evaluated for marketing purposes.

The aforementioned access data will be stored in so-called server log files on our web server and will be required for technical reasons in order to provide a functional website and to ensure system security. In addition to the aforementioned purposes, we use access data for the sole purpose of improving the structure of our website and tailoring it to your needs purely for statistical purposes and without tracing your personal identity.

In this respect, Art. 6 (1) f) GDPR serves as the legal basis for the temporary storage of access data and log files. Our legitimate interest in this regard is to provide you with a technically functioning and user-friendly website and to guarantee the security of our systems.

The access data collected in the course of using our website are only stored for the period of time for which these data are required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 35 days.

(2) Use of the Mewa customer portal

Our customer portal allows you to view and manage the Mewa products and services which you use. You can do various administrative jobs there, such as viewing rental products and arranging changes for the delivery points for which you are the responsible contact person.

If you open a user account for our customer portal, we will process the personal contact details which you provide, including your name, academic title, position and department in the company, telephone number, fax number and email address. We will also conduct the processes in your preferred language. The data are processed on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in order to enable you to use our customer portal. After you have opened a user account, you will receive an email inviting you to set an initial password.

Unless subject to statutory retention requirements, the personal data saved in connection with your user account will be erased if you object to further processing, if the data no longer need to be processed for the purpose for which they were saved, or if their storage is inadmissible for other legal reasons.

(3) Contact form / contact requests and service tickets

We collect and store personal data which you enter in the contact form provided on our customer portal and send to us or when you contact us in any other way (e.g. by email). We also process personal data if you open a service ticket in order to arrange for changes to be made to the products and services we provide or to request changes to your user account. It is up to you to decide whether to provide us with information when making contact requests and, if so, which information. If you contact us by email, we will store the data you provide. If you use the contact form or open a service ticket on our customer portal, we collect the data you enter in the form (e.g. forename, surname, postal address, your individual message. The data marked with an asterisk (*) are mandatory and we need this information to answer your inquiry. The other voluntary details enable us to classify and process your request to better effect. When you use the contact form on our website or a service ticket, the following technical access data will also be stored at the time of sending: date and time at which you sent the request and your IP address.

If you contact us within the context of an existing contractual relationship or if you contact us in advance for information about our range of goods or other services, the data and information you provide will be processed for the purpose of processing and answering your inquiry or request in accordance with Art. 6 (1) b) GDPR (legal basis). The technical access data collected during the sending process will be stored for the purpose of providing contact options and in order to guarantee system security on the basis of Art. 6 (1) f) GDPR (legal basis), and this storage serves to safeguard legitimate interests.

We store the personal data collected when you contact us in order to process your request and for the duration of this processing. The technical access data stored in this context will only be kept for the period of time for which these data are required for technical reasons, especially for the functional provision of the contact options and in order to ensure system security. Your IP address is stored on our web server for a maximum of 35 days.

(4) Use of cookies and associated functions / technologies

We use so-called cookies in some sections of our website in order to make it attractive to visitors and to enable the use of certain functions. Cookies are files which are stored on your hard drive or in your Internet browser cache when you visit our website. We also refer to web beacons and other comparable storage technologies for tracking user activity as “cookies”. Web beacons are mostly transparent graphic images, usually no larger than 1 x 1 pixel, which are integrated into the website and will allow the detection of cookies on your devices.

One way in which we use cookies is to store session-related information within the website. These cookies expire at the end of the session / browser session (so-called transient cookies) and are not stored permanently. Other cookies remain on your computer after the browser session and enable us to recognise your computer again on your next visit (so-called persistent / permanent cookies). Persistent cookies are automatically deleted after a specified period of time which may vary depending on the type of cookie.

Cookies can be divided into the following main categories / types:

Strictly necessary cookies

Cookies for the necessary execution of specific website functions

                                             

Functional cookies

Cookies which serve to enable the website services and functions and / or to increase the “usability” of the website

Performance cookies

Cookies used to measure the performance of our website and the website content

Analysis / tracking cookies

Cookies used to carry out analyses of data on the location, the interests of visitors and on similar subjects in order to obtain information on visitors to our website and the content requested

Advertising / targeting cookies

Cookies used for the purpose of placing notifications and advertisements on websites across the Internet, especially to display notifications and advertisements which match the surfing habits / interests of the user

Messaging cookies

Cookies for the use of messaging technologies

Social media cookies

Cookies for the use of social media features, such as sharing, sending and recommending websites to other people

  

You can, of course, also visit our website without using cookies. You can disable the use of cookies on your computer by changing the browser settings for cookies. The procedure for deactivating cookies is routinely available through the “Help” function in your Internet browser. Please note, however, that these settings may affect the full availability and functionality of our website. For more detailed information on cookie settings and deactivation options, please see the explanatory notes below on the individual cookies specifically used when visiting our website and on associated functions / technologies.

The consent management tool used on our website is provided by Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin (“Piwik PRO”). This is a plug-in which can be used to obtain consent to the use of cookies and / or comparable technologies. Piwik PRO itself does not collect any personal data. You can use the Piwik PRO Consent Manager to change the settings you have chosen at any time and to withdraw your consent to the use of unnecessary cookies and technologies at any time. The Piwik PRO Consent Manager can be opened via this link:

Privacy settings

Some of the cookies we use on our website come from third parties who help us to analyse the impact of our website content and the interests of our visitors, to measure the capacity and performance of our website, to place targeted advertising and other content on our website or on other websites, or to communicate with you. We use first-party cookies (only visible from the domain you are visiting) and third-party cookies (visible across domains and routinely set by third parties) on our website. The specific details are as set out below:

Strictly necessary cookies:

Cookie name: ppms_privacy_

Lifetime:                     365 days

Description / explanatory notes: The cookie makes it possible to obtain and store the consent of the website visitor to the use of cookies and / or comparable technologies.
 It is set by Piwik PRO.

Cookie name: ppms_webstorage

Lifetime:                     Individual objects are deleted when the underlying cookies expire. A website visitor can delete these pieces of information manually.

Description / explanatory notes: In addition to cookies, data are also stored locally in the browser of the website visitor in order to prevent data loss due to browser mechanisms. This technology stores information about cookies which have been set.

Cookie name: ppms_data_store

Lifetime:                     Deleted as soon as data entered on website forms have been sent to the server.

Description / explanatory notes: In addition to cookies, data are also stored locally in the browser of the website visitor in order to prevent data loss. This technology is used to store information which website visitors have entered on forms in order to avoid data loss during transmission processes.

Functional cookies:

Cookie name: _stg_debug / stg_debug

Lifetime:                     14 days

Description / explanations: Assesses whether the debugger of the Piwik PRO Tag Manager should be displayed. Any such cookie is removed after the debugger has been closed. The cookie is set by Piwik PRO.

Cookie name: JSESSIONID

Lifetime:                     1 day

Description / explanatory notes: Maintains the system status of the user with all page requests.

Analysis / tracking cookies:

Cookie name:     _pk_ses..

Lifetime:                     30 minutes

Description / explanatory notes: Shows an active session by a visitor. Absence of the cookie indicates that the session ended over 30 minutes ago and was counted in a pk_id cookie. The cookie is set by Piwik PRO.

Cookie name:              _pk_id..

Lifetime:   13 months

Description / explanatory notes: Used to recognise visitors and record their different attributes. The cookie is set by Piwik PRO.

Cookie name: _pk_cvar

Lifetime:                     30 minutes

Description / explanatory notes: Contains user-defined variables from the page previously displayed. It is not activated in the default settings. Needs access to the storeCustomVariablesInCookie () method for the JavaScript tracker object. The cookie is set by Piwik PRO.

Cookie name: piwik_auth

Lifetime:                     24 minutes

Description / explanatory notes: Stores session information for the Piwik PRO user interface (UI). As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is regarded as a logged-in visitor and a PIWIK_SESSID cookie is refreshed.

Cookie name: PIWIK_SESSID

Lifetime:                     24 minutes

Description / explanatory notes: Stores a PHP session ID. The cookie is set by Piwik PRO.

Cookie name: stg_traffic_source_priority

Lifetime:                     24 minutes

Description / explanatory notes: Stores the visitor source type which indicates how a visitor came to our website. The cookie is set by Piwik PRO.

Cookie name: stg_last_interaction

Lifetime:                     365 days

Description / explanatory notes: Establishes whether the session of the last visitor is still going on or whether a new session has started. The cookie is set by Piwik PRO.

Cookie name: stg_returning_visitor

Lifetime:                     365 days

Description / explanatory notes: Establishes whether a visitor has already been to our website. The cookie is set by Piwik PRO.

Cookie name: stg_fired__

Lifetime:                     Session

Description / explanatory notes: Establishes whether the tag and trigger combination was activated during the session of the current visitor. The cookie is set by Piwik PRO.

Cookie name: stg_utm_campaign/stg_pk_campaign

Lifetime:                     Session

Description / explanatory notes: Saves the name of the campaign which led the visitor to our website. The cookie is set by Piwik PRO.

Cookie name: stg_externalReferrer

Lifetime:                     Session

Description / explanatory notes: Saves the URL of a website which redirected the visitor to our website. The cookie is set by Piwik PRO.

Cookie name: stg_opt_out_simulate

Lifetime:                     365 days

Description / explanatory notes: Used to simulate the action of the opt-out snippet in the debugger. It turns off all the tracking tags in the relevant domain. The cookie is set by Piwik PRO.

Cookie name: _stg_optout

Lifetime:                     365 days

Description / explanatory notes: The cookie is used to turn off all the tracking tags in the relevant domain. The cookie is set by Piwik PRO.

Cookie name: stg_global_opt_out (deprecated)

Lifetime:                     365 days

Description / explanatory notes: The cookie is used to turn off all the tracking tags on our web pages which belong to a Piwik PRO account. The cookie is set by Piwik PRO.

Cookie name: csrftoken

Lifetime:                     8 hours

Description / explanatory notes: This cookie is set for the Piwik PRO users only. It stores a CSRF token to keep the Piwik PRO forms secure. The cookie is set by Piwik PRO.

Cookie name: sessionid

Lifetime:                     8 hours

Description / explanatory notes: This cookie is set for the Piwik PRO users only. It saves the session ID of the user currently logged in. The cookie is set by Piwik PRO.

The above cookie-based data processing is carried out in the case of strictly necessary cookies on the basis of Art. 6 (1) b) GDPR (legal basis) for the supply of information and Art. 6 (1) c) GDPR (legal basis) in order to fulfil our legal obligations, most notably to provide you with a simple and documented option for granting or not granting your consent to cookies. The processing of data in respect of all other cookies is based on your consent pursuant to Art. 6 (1) a) GDPR (legal basis). Another clause which may be taken as the legal basis is Art. 6 (1) f) GDPR, i.e. the protection of our legitimate interests. Our legitimate interests as referred to in Art. 6 (1) f) GDPR most notably constitute the ability to provide you with a top-specification, user-friendly website geared to your needs and to guarantee the security of our systems.

5. Piwik PRO

We use the web analysis and tracking services provided by Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin (“Piwik PRO”).

The analysis / conversion tracking processes are subject to your consent through the Piwik PRO Consent Manager for cookies (Art. 6 (1) a) GDPR as the legal basis). The cookies collect data on how you use this website, enabling us in turn to make further improvements to our website and services. This also includes personal data, including your IP address, user ID, device ID and visits to our website. Your IP address will be saved in an abbreviated form only so that we can no longer assign it to you personally.

The data are stored as raw data on cloud servers belonging to Microsoft Ireland Operations Limited in the EU for a period of 25 months and are then erased.

We use the Piwik PRO Tag Manager to integrate and manage some of the third-party services named in the cookie list on our website. The Piwik PRO Tag Manager enables the management of tags. Your consent settings for cookies are also taken into account in respect of the tools integrated through the Tag Manager.

Further information on Piwik PRO can be found here: https://piwikpro.de/datenschutz/.

6. How do we protect your data?

We take precautions to ensure the security of your personal data and we have appropriate technical and organisational measures in place to protect our website and other systems. Your data are most notably protected against loss, destruction, falsification, manipulation, alteration by unauthorised persons, unauthorised access and unauthorised disclosure or distribution. Any data which you provide via our website will be transmitted over the Internet in encrypted form using SSL technology.

7. Who receives your data and are they sent to a third country or to an international organisation?

The only employees who will be privy to your personal data in the first instance are our employees who are engaged in technical, commercial or editorial duties. Your data may also be forwarded to employees at other companies in the MEWA Group if they need them for these and other relevant purposes (e.g. to answer your inquiry). If you are a customer of another national company, for example, an inquiry through our contact form would also be forwarded to this national company so that it can be duly processed and answered.

We also use or instruct external service providers to perform the data processing operations outlined above. If service providers receive your personal data under commissioned data processing arrangements, they are strictly bound by our instructions when handling your personal data. The categories of external recipients are listed below:

  • IT service providers, e.g. as part of their administration and hosting of our website or individual services / functions as well as for website analysis / measurement;
  • logistics service providers, where applicable, in order to be able to send you ordered goods or information brochures;
  • payment service providers and banks for the processing of payments;
  • debt collection agencies and legal advisers for the assertion of our claims.

We do not send your personal data to countries outside the EU or outside the EEA or to international organisations as defined in Art. 4 (26) GDPR.

8. What rights do you have as a data subject?

Data subjects may assert the following legal rights against us or against our data protection officer at any time in writing or in electronic format, using the contact addresses provided (see above “Who is responsible for data processing and who is available for you to contact?”):

Right of access to information: Under Art. 15 GDPR, data subjects are entitled at any time to request confirmation as to whether or not personal data relating to them are being processed; if this is the case, data subjects are also entitled under Art. 15 GDPR to obtain information about these personal data and certain other information (such as processing purposes, categories of personal data, categories of recipients, envisaged storage period, their rights, the origin of the data) and a copy of the data in question.

Right to rectification: Under Art. 16 GDPR, data subjects are entitled to ask for personal data stored on systems to be rectified if they are incorrect or inaccurate.

Right to erasure: Data subjects are entitled under Art. 17 GDPR to request the immediate erasure of their personal data. Instances in which the right to erasure does not apply include cases where the personal data need to be processed for certain purposes, such as to fulfil a legal obligation (e.g. statutory obligations to keep records) or to establish, exercise or defend legal claims.

Right to restriction of processing: Data subjects are entitled under Art. 18 GDPR to request the restriction of the processing of personal data.

Right to data portability: Under Art. 20 GDPR, data subjects are entitled to ask for personal data concerning them and provided by them to be issued to them in a structured, commonly used and machine-readable format.

Right to object under Art. 21 GDPR:

Data subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data which is carried out on the basis of Art. 6 (1) e) (performance of a task carried out in the public interest) or Art. 6 (1) f) GDPR (legitimate interests of the controller); this also applies to any profiling based on these provisions. If the data subject objects, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for their processing which override the interests, rights and freedoms of the data subject, or if the data are processed for the establishment, exercise or defence of legal claims. This does not apply if we engage in direct marketing based on the above provisions. If objections are raised to the processing of personal data for the purposes of direct marketing, the personal data concerned will no longer be processed for these purposes – unreservedly and irrespective of any weighing of conflicting interests. Objections pursuant to Art. 21 GDPR may be set out in writing or emailed to us or to our data protection officer at the contact addresses provided (see above “Who is responsible for data processing and who is available for you to contact?”).

Right to withdraw consent: Data subjects have the right to revoke any declarations of consent which may have been issued under data protection law and to do so at any time with effect for the future.

Right to lodge a complaint with a supervisory authority: Data subjects are entitled under Art. 77 GDPR to lodge a complaint with a supervisory authority, especially in the Member State of their habitual residence, place of work or place of the alleged infringement, if they consider that the processing of their personal data infringes the GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The supervisory authority responsible for our company is as follows: [please give the name and address of the national supervisory authority responsible for the company].

Other concerns: If you have any further questions or concerns regarding data protection, please contact our data protection officer by email at [email of data protection officer].

9. Do you have a duty to provide data?

In order to make our website available to you and to enable you to use the relevant services / functions (e.g. customer portal, contact form, etc.), we need you to provide the personal data required for these purposes. Without these data, it will not be possible to access our website content or to use the relevant services / functions.

10. Are your data used in the context of automated decision-making / profiling?

You have the fundamental right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or significantly affects you in a similar manner. It is important to note that these decisions may not be routinely based on special categories of personal data pursuant to Art. 9 (1) GDPR. We would like to point out that we do not use any such decision-making processes in the context of our website and the associated data processing operations.

11. Can changes be made to this data privacy statement?

Further development of the Internet and of our website may also affect our data privacy statement. We reserve the right to revise this data privacy statement from time to time in the future in order to ensure that it complies with the current legal requirements or to reflect additions or changes to our website. The version of this data privacy statement which is applicable at the time of your visit can be accessed on each page under the link “Data privacy”.

12. How do we handle customer data in other respects?

In addition to this website-related data privacy statement, we also refer to our general information on the “Management of personal data” which outlines the policy governing the processing of personal customer data in other respects and is also available in digital form under the following link: please click here.

Last revised: November 2021